General

  • Target: 5f12ee0760aad6ce125075b675a1d425cc92a87b120eebc72485ef7bff2d94d4
  • Size: 479KB
  • Sample: 230509-xxqbcadg37
  • MD5: 8c3c6ffdf6bbb359c2f03b405ecf5a8f
  • SHA1: c21939a5dd4d9db57b5e6fb7e599b1088c2a59fb
  • SHA256: 5f12ee0760aad6ce125075b675a1d425cc92a87b120eebc72485ef7bff2d94d4
  • SHA512: 69963fbd11446f7acc6f5c5783bd635a12b75749888b5ba4e872ca9db7c162aba8e436f399be7908718561c9358e631b1748af64da10c4efab042a8c9e550493
  • SSDEEP: 12288:5Mrmy90lUvvw0sbz7CmNBp1DtMvpUy1TNTdP37zpzZiz:vyqU3wvbz7Cmqp1v7zZZ6

Malware Config

Extracted

  • Family: redline
  • Botnet: dease
  • C2: 217.196.96.101:4132
  • Attributes
    • auth_value: 82e4d5f9abc21848e0345118814a4e6c

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar items.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks